KeePass and KeePassX – Password Manager

The other week I wrote an introduction to Password Managers. For this second article I introduce you to KeePass.

Previously I had written about the issue of people using the same password for the same websites that they visit often. This is still very much a huge issue on the Internet. I consider it a heresy. There are some Password Managers that are better than most, and in a recent survey by PC Magazine, they highlighted a few, though most were paid applications. Not everyone wants to pay for a piece of software. Also, not everyone wants to use a Password Manager that has their key information stored in the cloud, regardless of a master-key password. Somehow that doesn’t make sense to a security fusspot like me.

A much better solution is if you held your password information locally on your computer, and also in a key file that you can have stored on a USB stick dangling around your neck, to take around with you wherever you go. A solution that might just work for some people is one that is called KeePass, or KeePassX if you come from the Linux side of the fence.

Being a Linux user myself, it was easy enough to install the package through the command-line interface:

sudo apt-get install keepassx

The other major advantage is that it is free to use.

Now KeePass has been around for a little while and there’s also a Windows version and a mobile version, which is easy enough to find across the Internet, or in the latter’s case, on the Apple Store or Android Store.

Like any Password Manager application, it is pretty easy to work with, and if you’ve worked with password managers before they are similar in structure and usage. Once you have installed KeePass on your computer, all you do is create a database and give it a master-key password. Once that is done, you can add your website entries into the database/file.

KeePass-file.kpx [create this database file, give it a password which becomes your master-key. Please remember it.]

The thing I like about KeePass is that you can use the traditional methods to create your user password for the various sites that you visit, by entering:

1) a name for the website entry
2) your user name, or email address (depending on what the site requires)
3) password for the site
4) confirmation of your password
5) website URL.
6) Click OK

KeePass data entry

Some websites require dual login screens or two-factor authentication. In that case, all you would need to do is create two entries for that website:

  1. Create the first entry (as per steps 1 to 5 above).
  2. Create a second entry, with just the passwords (3 and 4), and run it as the Auto-Type option. If you right-click the website entry, you will see the Auto-Type display as an option.

You may need to experiment with this, such as opening the web page and clicking directly on the field which requires the username, then going back to KeePass and generating the Auto-Type. It does work, but you’ll appreciate that not all websites are designed the same.

Note: it seems that Auto Type is only useable on Linux, and not Windows or Mac, according to their website FAQ. Maybe if a Windows or Mac user can confirm this?

As mentioned, another good feature is that the KeePass application is available for your smartphone. However, there is some trickery involved ensuring that you use the relevant KeePass database file that you’ve created elsewhere (i.e. your laptop).

I say trickery because KeePass does not have an auto synchronisation feature that some of the other paid applications do, in particular, those that are on the Cloud. This might be a deterrent, but this is what I do:

  1. In my case, I have created the KeePass database file, with my master-key password embedded inside it, on a Linux laptop. This particular file can be used on different laptops and also your smartphone but the trick is, you’ll need to ensure that the correct updated file is always being used. Simply because there is no Sync feature. And for security buffs, that’s probably a good thing!
  2. I don’t ever want to put my kpx file up on a Dropbox file share for instance, or some other shared cloud file storage. I much prefer to have it accessible from my NAS Drives that I have as local storage, which I can then retrieve from my other machines and devices attached to the network, including my smartphone.

To ensure that I have the correct file, I make sure I do two things:

  1. Firstly, that all of my website entries are entered into one unique machine. This is what I would call my master machine or production machine. That way you don’t get confused with multiple versions on different machines, and remembering which version is what.
  2. When I save the kpx file, I make sure I give it a date and timestamp annotated in the filename.
KeePass-file_2017_09_05-11_42_33.kpx

Also, it might be a good idea to keep some of those older kpx files hanging around. Just as a backup and as a precaution in case something happens to the current master file.
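
The timestamped-copy routine described above, written out as a shell script. This is an added example, not part of the original article; the function names, the destination directory and the default of 10 retained copies are assumptions.

```shell
#!/bin/sh
# Added example: timestamped, verified snapshots of a KeePassX database file.
# Paths and the retention count are assumptions; adjust them to your setup.

# snapshot_name BASE -> BASE_YYYY_MM_DD-HH_MM_SS.kpx (the article's naming scheme)
snapshot_name() {
    printf '%s_%s.kpx\n' "$1" "$(date +%Y_%m_%d-%H_%M_%S)"
}

# snapshot DB DEST: copy DB into DEST under a timestamped name, verify the
# copy by SHA-256 and print the new path. Returns non-zero on any failure.
snapshot() {
    local db="$1" dest="$2" base target
    [ -f "$db" ] || { echo "no such database: $db" >&2; return 1; }
    [ -d "$dest" ] || { echo "missing directory (NAS not mounted?): $dest" >&2; return 1; }
    base=$(basename "$db" .kpx)
    target="$dest/$(snapshot_name "$base")"
    [ ! -e "$target" ] || { echo "refusing to overwrite $target" >&2; return 1; }
    cp -p -- "$db" "$target" || return 1
    if [ "$(sha256sum < "$db")" != "$(sha256sum < "$target")" ]; then
        rm -f -- "$target"
        echo "checksum mismatch, copy removed" >&2
        return 1
    fi
    chmod 600 -- "$target"   # readable by the owner only
    printf '%s\n' "$target"
}

# latest DEST BASE: newest snapshot. The zero-padded, year-first timestamp
# sorts lexicographically, so sorting by name is also sorting by date.
latest() {
    ls -1 -- "$1"/"$2"_????_??_??-??_??_??.kpx 2>/dev/null | sort | tail -n 1
}

# prune DEST BASE KEEP: delete all but the KEEP newest snapshots.
prune() {
    ls -1 -- "$1"/"$2"_????_??_??-??_??_??.kpx 2>/dev/null | sort -r |
        tail -n "+$(( $3 + 1 ))" | while IFS= read -r old; do rm -f -- "$old"; done
}

# Usage: script DB DEST [KEEP], e.g. DB=~/KeePass-file.kpx DEST=/mnt/nas/keepass
if [ $# -ge 2 ]; then
    snapshot "$1" "$2" && prune "$2" "$(basename "$1" .kpx)" "${3:-10}"
fi
```

On any other machine or device, `latest` tells you which copy on the share is the current one before you open it.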

In Summary
I like the fact that I can use KeePass on my local machines, and trigger access to the various websites that I visit from a source within my local machine rather than on the Cloud. KeePass will open up the default browser on your machine, and you can go from there.

And also the fact that I don’t actually have to pay for anything. I’m paying enough as it is for other Cloud apps that I use, so KeePass is good for not spending extra money. I anticipate KeePass will be a regularly used app from now on in.

Links:
https://www.keepassx.org
http://keepass.info
